How to Disable External Sharing in SharePoint Online?
Requirement: Disable external sharing in SharePoint Online using PowerShell.
How to Disable External Sharing in SharePoint Online?
External sharing in SharePoint Online is a feature that enables users to share documents and content outside the organization with people who are not members of your organization, such as vendors, customers, consultants, etc. However, many organizations don’t want to open sharing because of security reasons! External sharing settings can be controlled at two levels: Tenant-wide and site collection levels.
To turn off external sharing in SharePoint Online at the tenant level, follow these steps:
- Login to SharePoint Online Admin Center as a global admin or SharePoint Online administrator.
- Expand “Policies” from the left navigation and click “Sharing”.
- Change the Sharing Settings for SharePoint Online to “Only people in your organization” to disable external sharing.
- Click on the “Save” button at the bottom to save your changes. This sets only members of the tenant can receive sharing invitations.
OneDrive for Business site’s External sharing settings depends on SharePoint’s Sharing settings! You cannot set OneDrive settings that are more permissive than the SharePoint Online tenant settings. (In other words, OneDrive for Business Sharing settings can be more restrictive than SharePoint Online’s Sharing settings).
If you are using the classic admin center, To turn off external sharing, do the following:
- Under the “Sharing outside your organization” section, set the sharing option to “Don’t allow sharing outside your organization”.
- Click on the “OK” button at the bottom to save your changes.
This prevents all users on all sites from sharing sites or sharing content on sites with external users.
Disable External Sharing in SharePoint Online using PowerShell:
We wanted to disable external sharing entirely for the organization.
#Set Admin Center URL
$AdminCenterURL = "https://crescent-admin.sharepoint.com/"
#Connect to SharePoint Online
Connect-SPOService -url $AdminCenterURL -Credential (Get-Credential)
#Disable external sharing for the tenant
Set-SPOTenant -SharingCapability Disabled
The same can be achieved with PnP PowerShell as:
#Parameters
$TenantAdminURL = "https://crescent-admin.sharepoint.com"
#Connect to Tenant Admin Site
Connect-PnPOnline -url $TenantAdminURL -Interactive
#Disable External Sharing for the tenant
Set-PnPTenant -SharingCapability Disabled
Disable External Sharing at Site Collection Level:
You can also disable external sharing at each individual SharePoint Online site collection. To disable external sharing at the site collection level using the SharePoint Online admin center, follow these steps:
- Go to SharePoint Online Admin Center >> Select the desired Site collection from the list.
- Click on the “Sharing” button >> Set the sharing settings to “Only people in the current organization”. Click on “Save” to commit your changes.
Disable External Sharing in SharePoint Online Site Collection using PowerShell
You can use PowerShell to further restrict sharing settings on individual SharePoint sites.
#Set Admin Center URL
$AdminCenterURL = "https://crescent-admin.sharepoint.com/"
$SiteURL="https://crescent.sharepoint.com/sites/operations"
#Connect to SharePoint Online
Connect-SPOService -url $AdminCenterURL -Credential (Get-Credential)
#Disable external sharing
Set-SPOSite $SiteURL -SharingCapability "Disabled"
Similarly, To disable external sharing using PnP PowerShell, use:
#Parameters
$TenantAdminURL = "https://crescent-admin.sharepoint.com"
$SiteURL = "https://crescent.sharepoint.com/sites/Purchase"
#Connect to Tenant Admin Site
Connect-PnPOnline -url $TenantAdminURL -Interactive
#Disable External Sharing for a site
Set-PnPTenantSite -Url $SiteURL -SharingCapability Disabled
PowerShell to Disable External Sharing for a OneDrive Site
Want to turn off external sharing for a particular user’s OneDrive? Sure! Here is the script:
#Parameter
$AdminCenterURL = "https://crescent-admin.sharepoint.com"
$OneDriveSiteURL = "https://crescent-my.sharepoint.com/personal/Salaudeen_crescent_com"
$SharingSettings = "Disabled" # Disabled, ExistingExternalUserSharingOnly, ExternalUserSharingOnly, ExternalUserAndGuestSharing
#Connect to Admin Center
Connect-SPOService -Url $AdminCenterURL
#Set External Sharing settings for an OneDrive site
Set-SPOSite -Identity $OneDriveSiteURL -SharingCapability $SharingSettings
Disable External Sharing for All Sites in the Tenant
External sharing is a great feature in Sharepoint Online that allows you to collaborate with people outside of your organization. However, there are times when you may want to disable this feature for security or compliance reasons. Here is the PowerShell script to disable external sharing on all SharePoint Online site collections:
#Parameters
$AdminCenterURL="https://crescent-admin.sharepoint.com"
$ExternalSharingSetting = "Disabled"
Try {
#Connect to Admin center
Connect-PnPOnline -URL $AdminCenterURL -Interactive
#Get all sites where the setting is different from the given parameter - Exclude Seach Center, Redirect sites, Mysite Host, App Catalog, Content Type Hub, eDiscovery and Bots
$SiteCollections = Get-PnPTenantSite | Where { $_.URL -like '*/sites*' -and $_.SharingCapability -ne $ExternalSharingSetting -and $_.Template -NotIn `
("SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")}
#Loop through each site and enable external sharing
ForEach ($Site in $SiteCollections)
{
#Apply External sharing setting for the site
Set-PnPTenantSite -Url $Site.Url -SharingCapability $ExternalSharingSetting
Write-host "External sharing Setting updated for:" $Site.URL -f Green
}
}
Catch {
Write-host -f Red "Error:" $_.Exception.Message
}
You can verify this in your SharePoint Online admin center, as shown in the image above. To get the list of sites where sharing capability is disabled:
Get-SPOSite | Where {$_. SharingCapability -eq "Disabled"}
To enable external sharing in SharePoint Online, refer to How to Enable External Sharing in SharePoint Online using PowerShell?
Conclusion
In conclusion, disabling external sharing in SharePoint Online is a simple process that can be accomplished through the SharePoint admin center by navigating to the sharing settings. You can also easily restrict external access to your SharePoint sites using PowerShell. It is important to keep in mind that disabling external sharing may affect collaboration with external partners, so it should be used judiciously and only in situations where it is necessary to protect sensitive information.
Make sure external sharing is enabled, browse to your SharePoint Online site >> Click on Site Settings >> Site Permissions >> Share Site. Enter the E-mail IDs of the external users, select the permission level such as “Read”, and then click on “Share” to add an external user to SharePoint Online.
More info: Grant access to external users in SharePoint Online
You can lock a SharePoint Online site to Read-Only mode, either with site policies or PowerShell.
More info: Set SharePoint Online site to Read-Only